# NixOps configuration for the hosts utilising IOHK resources

{ config, pkgs, lib, ... }:

{

  imports = [
    ../profiles/terminal-recording.nix
    ../profiles/nix-direnv.nix
  ];

  nix = {
    package = pkgs.nixFlakes;
    binaryCaches = [
      "https://cache.nixos.org"
      "https://erc20.cachix.org"
      "https://hydra.iohk.io"
      "https://hydra.mantis.ist"
      "s3://iohk-vit-bitte/infra/binary-cache/?region=eu-central-1"
    ];
    binaryCachePublicKeys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "erc20.cachix.org-1:SSf1RXfccF4/rwiwgBrbV7n8EBn0xciuU/TMdtor8LE="
      "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
      "iohk.cachix.org-1:DpRUyj7h7V830dp/i6Nti+NEO2/nhblbov/8MW7Rqoo="
      "hydra.mantis.ist-1:4LTe7Q+5pm8+HawKxvmn2Hx0E3NbkYjtf1oWv+eAmTo="
      "vit-testnet-0:0lvkEoYh+XrBh7pr4bXjsUisUkUxsyLvvWBIJwym/RM="
    ];
    extraOptions = ''
      #repeat = 1   # Ensure reproducibility of builds
      experimental-features = nix-command flakes ca-references
    '';
  };

  # Set the system-wide environment
  environment = {
    systemPackages = with pkgs; [
      awscli            # Unified tool to manage your AWS services
      bitwarden-cli     # CLI client for Bitwarden
      buildkite-agent   # Buildkite for IOHK
      cue               # A data constraint language
      docker            # Pack, ship and run any application as a lightweight container
      docker-compose    # Multi-container orchestration for Docker
      freerdp           # A Remote Desktop Protocol Client, xfreerdp
      gist              # Upload code to https://gist.github.com (or github enterprise)
      gnupg             # GNU Privacy Guard, a GPL OpenPGP implementation
      go-jira           # Simple command line client for Atlassian's Jira service written in Go
      jq                # A lightweight and flexible command-line JSON processor
      keybase-gui       # The Keybase official client
      magic-wormhole    # Securely transfer data between computers
      python38Packages.grip   # Preview GitHub Markdown files like locally
      s3fs              # Mount an S3 bucket as filesystem through FUSE
      shellcheck        # Shell script analysis tool
      slack-dark        # Slack desktop client
      xxd               # make a hexdump or do the reverse
    ];
    variables = {
      NIX_SKIP_KEYBASE_CHECKS = "1";   # As per IOHK Keybase reqs
    };
  };

  virtualisation.docker.enable = true;

  services = {
    keybase.enable = true;
    #postgresql = {
    #  enable = true;                  # Ensure postgresql is enabled
    #  package = pkgs.postgresql_10;   # Set the required version, if needed
  };

  users.groups.docker.members = [
    "craige"
  ];

}